Analyzing FLUX#CONSOLE: Using Tax-Themed Lures, Threat Actors Exploit Windows Management Console to Deliver Backdoor Payloads
Dec. 18, 2024, 5:37 p.m.
Description
The FLUX#CONSOLE campaign involves a sophisticated tax-themed phishing attack that exploits Microsoft Management Console (MSC) files to deliver a stealthy backdoor payload. Threat actors use tax-related lures to trick users into executing malicious code. The attack leverages MSC files, which are normally used for administrative tasks, to execute obfuscated JavaScript. This leads to the deployment of a malicious DLL file (DismCore.dll) through DLL sideloading. The campaign employs advanced obfuscation techniques, including multiple layers of encoding and encryption, to evade detection. Persistence is established using scheduled tasks. The malware communicates with a command and control server, potentially exfiltrating data from infected systems.
Date
Published: Dec. 18, 2024, 5:16 p.m.
Created: Dec. 18, 2024, 5:16 p.m.
Modified: Dec. 18, 2024, 5:37 p.m.
Indicators
Attack Patterns
T1053.005
T1572
T1071.001
T1204.002
T1574.001
T1218
T1566.001
T1036
T1132
T1027
T1041
T1059
Additional Information
Government
Pakistan